diff --git a/seccomp.go b/seccomp.go index e9845ed..8dad12f 100644 --- a/seccomp.go +++ b/seccomp.go @@ -182,9 +182,9 @@ const ( // ActInvalid is a placeholder to ensure uninitialized ScmpAction // variables are invalid ActInvalid ScmpAction = iota - // ActKill kills the thread that violated the rule. It is the same as ActKillThread. + // ActKillThread kills the thread that violated the rule. // All other threads from the same thread group will continue to execute. - ActKill + ActKillThread // ActTrap throws SIGSYS ActTrap // ActNotify triggers a userspace notification. This action is only usable when @@ -202,14 +202,16 @@ const ( // This action is only usable when libseccomp API level 3 or higher is // supported. ActLog - // ActKillThread kills the thread that violated the rule. It is the same as ActKill. - // All other threads from the same thread group will continue to execute. - ActKillThread // ActKillProcess kills the process that violated the rule. // All threads in the thread group are also terminated. // This action is only usable when libseccomp API level 3 or higher is // supported. ActKillProcess + // ActKill kills the thread that violated the rule. + // All other threads from the same thread group will continue to execute. + // + // Deprecated: use ActKillThread + ActKill = ActKillThread ) const ( @@ -385,7 +387,7 @@ func (a ScmpCompareOp) String() string { // String returns a string representation of a seccomp match action func (a ScmpAction) String() string { switch a & 0xFFFF { - case ActKill, ActKillThread: + case ActKillThread: return "Action: Kill thread" case ActKillProcess: return "Action: Kill process" diff --git a/seccomp_internal.go b/seccomp_internal.go index dae9a79..df4dfb7 100644 --- a/seccomp_internal.go +++ b/seccomp_internal.go @@ -293,7 +293,7 @@ const ( archStart ScmpArch = ArchNative archEnd ScmpArch = ArchRISCV64 // Comparison boundaries to check for action validity - actionStart ScmpAction = ActKill + actionStart ScmpAction = ActKillThread actionEnd ScmpAction = ActKillProcess // Comparison boundaries to check for comparison operator validity compareOpStart ScmpCompareOp = CompareNotEqual @@ -629,8 +629,6 @@ func (a ScmpCompareOp) toNative() C.int { func actionFromNative(a C.uint32_t) (ScmpAction, error) { aTmp := a & 0xFFFF switch a & 0xFFFF0000 { - case C.C_ACT_KILL: - return ActKill, nil case C.C_ACT_KILL_PROCESS: return ActKillProcess, nil case C.C_ACT_KILL_THREAD: @@ -655,8 +653,6 @@ func actionFromNative(a C.uint32_t) (ScmpAction, error) { // Only use with sanitized actions, no error handling func (a ScmpAction) toNative() C.uint32_t { switch a & 0xFFFF { - case ActKill: - return C.C_ACT_KILL case ActKillProcess: return C.C_ACT_KILL_PROCESS case ActKillThread: diff --git a/seccomp_test.go b/seccomp_test.go index 7fb5e4b..c65dbf0 100644 --- a/seccomp_test.go +++ b/seccomp_test.go @@ -274,7 +274,7 @@ func TestFilterCreateRelease(t *testing.T) { t.Errorf("Can create filter with invalid action") } - filter, err := NewFilter(ActKill) + filter, err := NewFilter(ActKillThread) if err != nil { t.Errorf("Error creating filter: %s", err) } @@ -291,7 +291,7 @@ func TestFilterCreateRelease(t *testing.T) { } func TestFilterReset(t *testing.T) { - filter, err := NewFilter(ActKill) + filter, err := NewFilter(ActKillThread) if err != nil { t.Errorf("Error creating filter: %s", err) } @@ -301,7 +301,7 @@ func TestFilterReset(t *testing.T) { action, err := filter.GetDefaultAction() if err != nil { t.Errorf("Error getting default action of filter") - } else if action != ActKill { + } else if action != ActKillThread { t.Errorf("Default action of filter was set incorrectly!") } @@ -326,7 +326,7 @@ func TestFilterReset(t *testing.T) { } func TestFilterArchFunctions(t *testing.T) { - filter, err := NewFilter(ActKill) + filter, err := NewFilter(ActKillThread) if err != nil { t.Errorf("Error creating filter: %s", err) } @@ -402,7 +402,7 @@ func TestFilterArchFunctions(t *testing.T) { } func TestFilterAttributeGettersAndSetters(t *testing.T) { - filter, err := NewFilter(ActKill) + filter, err := NewFilter(ActKillThread) if err != nil { t.Errorf("Error creating filter: %s", err) } @@ -411,7 +411,7 @@ func TestFilterAttributeGettersAndSetters(t *testing.T) { act, err := filter.GetDefaultAction() if err != nil { t.Errorf("Error getting default action: %s", err) - } else if act != ActKill { + } else if act != ActKillThread { t.Errorf("Default action was set incorrectly") } @@ -547,7 +547,7 @@ func TestMergeFilters(t *testing.T) { t.Errorf("Source filter should not be valid after merging") } - filter3, err := NewFilter(ActKill) + filter3, err := NewFilter(ActKillThread) if err != nil { t.Errorf("Error creating filter: %s", err) }